Hi, I have a frontend server on a DMZ running RH ES 3 up3 and 
SquirrelMail 1.4.8, PHP 4.3.2.
Thousands of emails were sent on two occasions, and the only evidence of the 
abuse was an entry in the access_log (squirrel_logger) from the IP which was 
sending the messages.


There was no evidence of a brute force attack. In fact there weren't many 
entries in access_log for failed logins. Well, I don't know if this is enough 
to say that I wasn't under a brute force attack.

However, now I'm asking myself if a spammer, getting the login credentials in 
SquirrelMail (IMAP auth toward the local IMAP server), can send thousands of 
emails in an automated way.
Temporarily I blocked the original IP range at the firewall level, but I think 
this can only delay the next attack.


I'm working on a lockout plugin and captcha, but before going on, I should know 
if in this case squirrel is the weakest part of this puzzle.

Any suggestions?

Thanks in advance,
Leo
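
An added example, not part of the original post: one way to test the question raised above, whether bulk sending followed password guessing or a login with credentials that were already known. The log format, the event names (LOGIN, LOGIN_ERROR, SEND) and the thresholds are assumptions for illustration, not squirrel_logger's own output, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in a simplified, assumed format (not squirrel_logger's own):
#   <date> <time> [EVENT] <user> from <ip>
# The event names LOGIN, LOGIN_ERROR and SEND are assumptions as well.
SAMPLE_LOG = """\
2012-04-20 02:10:01 [LOGIN_ERROR] carol from 198.51.100.7
2012-04-20 02:10:02 [LOGIN_ERROR] carol from 198.51.100.8
2012-04-20 02:10:03 [LOGIN_ERROR] carol from 198.51.100.9
2012-04-20 02:10:04 [LOGIN_ERROR] carol from 198.51.100.7
2012-04-20 02:10:05 [LOGIN_ERROR] carol from 198.51.100.8
2012-04-20 02:10:09 [LOGIN] carol from 198.51.100.9
2012-04-20 02:10:20 [SEND] carol from 198.51.100.9
2012-04-20 02:10:21 [SEND] carol from 198.51.100.9
2012-04-20 02:10:22 [SEND] carol from 198.51.100.9
2012-04-20 03:00:00 [LOGIN] bob from 203.0.113.50
2012-04-20 03:00:05 [SEND] bob from 203.0.113.50
2012-04-20 03:00:06 [SEND] bob from 203.0.113.50
2012-04-20 03:00:07 [SEND] bob from 203.0.113.50
2012-04-20 03:00:08 [SEND] bob from 203.0.113.50
2012-04-20 09:15:00 [LOGIN] alice from 192.0.2.10
2012-04-20 09:16:00 [SEND] alice from 192.0.2.10
"""

LINE_RE = re.compile(r"^\S+ \S+ \[(\w+)\] (\S+) from (\S+)$")

def classify(log_text, send_threshold=3, fail_threshold=5):
    """Flag (user, ip) pairs that sent in bulk and say how the login looks."""
    failures = Counter()   # failed logins per user, across all source IPs
    sends = Counter()      # messages sent per (user, ip)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue       # skip lines that do not fit the assumed format
        event, user, ip = m.groups()
        if event == "LOGIN_ERROR":
            failures[user] += 1
        elif event == "SEND":
            sends[(user, ip)] += 1
    findings = {}
    for (user, ip), count in sends.items():
        if count >= send_threshold:
            guessed = failures[user] >= fail_threshold
            findings[(user, ip)] = "password-guessed" if guessed else "credentials-known"
    return findings

if __name__ == "__main__":
    for key, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(key, verdict)
```

Failures are counted per account across all source addresses, so guessing spread over several IPs is still attributed to the account that later sends in bulk.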
